
Code · BILL · 116th Congress · H.R. 8749 (Introduced in House) — To provide for digital accountability and transparency. · Sec. 6

Sec. 6. Information security standards


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 1 year after the date of enactment of this Act, the Commission shall promulgate regulations under section 553 of title 5, United States Code, to require covered entities to establish and implement policies and procedures regarding information security practices for the treatment and protection of covered data taking into consideration—

  • the level of identifiability of the covered data and the associated privacy risk;
  • the sensitivity of the covered data collected, processed, and stored and the associated privacy risk;
  • the currently available and widely accepted technological, administrative, and physical means to protect personal data under the control of the covered entity;
  • the cost associated with implementing, maintaining, and regularly reviewing the safeguards; and
  • the impact of these requirements on small and medium-sized businesses.

In promulgating the regulations required under this section, the Commission shall consider a covered entity who is in compliance with existing information security laws that the Commission determines are sufficiently rigorous to be in compliance with this section with respect to particular types of covered data to the extent those types of covered data are covered by such law, including the following:

  • Title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.).
  • The Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17931).
  • The Health Insurance Portability and Accountability Act of 1996 Security Rule (45 CFR 160.103 and part 164).
  • Any other existing law requiring a covered entity to implement and maintain information security practices and procedures that the Commission determines to be sufficiently rigorous.